Detections
Analytics

Cisco UCS Manager Software Local Management CLI DoS (cisco-sa-ucs-cli-dos-GQUxCnTe)

low Nessus Plugin ID 140213

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco Unified Computing System (Managed) is affected by a DoS vulnerability.
The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an affected device. A sustained attack may result in a restart of internal UCS Manager processes and a temporary loss of access to the UCS Manager CLI and web UI.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvr91760

See Also

http://www.nessus.org/u?9fa2bae3

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr91760

Plugin Details

Severity: Low

ID: 140213

File Name: cisco-sa-ucs-cli-dos-GQUxCnTe.nasl

Version: 1.5

Type: remote

Family: CISCO

Published: 9/4/2020

Updated: 2/24/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-3504

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:unified_computing_system

Required KB Items: Settings/ParanoidReport, installed_sw/cisco_ucs_manager

Exploit Ease: No known exploits are available

Patch Publication Date: 8/26/2020

Vulnerability Publication Date: 8/26/2020

Reference Information

CVE: CVE-2020-3504

CWE: 664

CISCO-SA: cisco-sa-ucs-cli-dos-GQUxCnTe

IAVA: 2020-A-0398-S

CISCO-BUG-ID: CSCvr91760